In the past, for example, for securely transmitting information and protecting intellectual property, it has been requested to restrict access information to only limited persons. Usually, this is realized by using encryption.
In transmitting information by encryption, the sender of the information and the legitimate receiver have to know in advance separate information not known to a third party. This information is called the “encryption key”.
In general, as an encryption method (system), the common key encryption method in which the key used by the sender for encryption (encoding) and the key used by the receiver for decoding are the same and the public key encryption method in which special keys called a public key and secret key are used have been known.
First, the public key encryption method has the advantage of ease of distribution of the key, but has the problem of a large amount of processing necessary for encryption. Further, a public key and a secret key have a certain relationship. The security is based on the fact that with current computers and processing algorithms, it would take tremendous processing time to obtain the secret key from the public key and therefore this would be substantially impossible, so there is the possibility of the discovery of a new algorithm etc. causing security to be impaired.
On the other hand, the common key encryption method has the problem of difficult secure distribution of the secret key, but less processing, so can be used for high speed communication. Therefore, public key encryption is often used for distribution of the secret key, while common key encryption is often used for communication of actual information.
The common key encryption method includes the block encryption method of dividing the information (plaintext) desired to be sent into blocks of a certain length and using the same secret key for each block for encryption and the stream encryption method of using a secret key to generate a pseudo random sequence and using this pseudo random sequence to encrypt the plaintext for each bit.
FIG. 1 is a block diagram for explaining an example of the conventional stream encryption method. As illustrated in FIG. 1, in one example of the conventional stream encryption method, for example, the sending side uses the secret key as a starting point for random number generation so as to generate a pseudo random sequence and uses that pseudo random sequence to encrypt the plaintext to generate encrypted text. Specifically, for example, it obtains the XOR of the pseudo random sequence “01011001” and plaintext “00110101” for each bit so as to generate the encrypted text “01101100” and sends the encrypted text through a channel to the receiving side.
The receiving side obtains the XOR of the encrypted text “01101100” and pseudo random sequence “01011001” sent for each bit to obtain the original plaintext “00110101”.
In this way, the conventional stream encryption method, for example, uses a secret key as a starting point for random number generation so as to generate a pseudo random sequence and obtains the XOR for each bit of the pseudo random sequence and plaintext so as to generate encrypted text.
Therefore, if it were possible to obtain part of the plaintext corresponding to the encrypted text, it would become possible to obtain part of the pseudo random sequence. Here, a random number generator determines the random sequence unambiguously if the current internal status is determined, so if that internal status could be deduced from part of a pseudo random sequence ending up in the hands of an eavesdropper, the encrypted text would end up being completely decoded.
Therefore, the ease of deduction of the internal status from part of a pseudo random sequence determines the security. Therefore, a random number generator of a simple configuration such as a linear feedback type shift register may not be used at all in practice. One having a complicated configuration having non-linearity has to be used.
In this regard, even if part of the plaintext ends up becoming known to an eavesdropper, if it were difficult to determine the pseudo random sequence from that, the danger of the internal status of the random number generator ending up becoming known will be able to be reduced. As a technique based on this idea, physical noise or a physical random number is sometimes added for the encryption.
FIG. 2 is a block diagram for explaining another example of a conventional stream encryption method and illustrates a stream encryption method designed so that even if information of the plaintext is known, the information of a random number will not be unambiguously learned.
As illustrated in FIG. 2, in another example of the conventional stream encryption method, the sending side adds the physical random number (physical noise) “01” to the plaintext “0”, uses a pseudo random sequence to jumble it and generate encrypted text “010”, and sends this through a channel to the receiving side.
The receiving side performs processing on the encrypted text “010” reverse to the jumbling performed using the pseudo random sequence at the sending side (jumbling−1) to obtain the plaintext “0”.
In another example of this conventional stream encryption method, to prevent information of a pseudo random number from being unambiguously learned even if information of the plaintext is known, a physical random number or physical noise is added to obtain the encrypted text, so the amount of information of the encrypted text has to be larger than the amount of information of the plaintext.
Therefore, when transmitting information by a binary signal, it is requested to assign the encrypted text a larger number of bits than the plaintext. A drop in the encoding rate is unavoidable. Furthermore, in analog (multivalue) transmission, it is possible to transmit data without causing a drop in the data rate, but the requested S/N ratio becomes larger, so the capacity of the communication channel also has to be increased. This is no different from a drop in the actual encoding rate.
In this regard, in the past, as a time-division multiplex communication system preventing divulgence of content of a data signal to a station other than the corresponding sending and receiving stations, one designed to obtain an XOR of an M-sequence signal differing between the sending and receiving stations and the data signal, then send the information has been proposed (for example, see Japanese Laid-Open Patent Publication No. 60-032453). However, in this methods the individual data are independently encrypted. This does not mean combining a large number of data for the encryption to enhance secrecy of the communication.
Further, as an example of encryption using the above physical noise, in the past an encryption method using quantum noise of laser light (coherent light) for analog transmission so as to enhance secrecy (Y-00) has also been proposed (for example, see G. A. Barbosa, “Fast and secure key distribution using mesoscopic coherent states of light”, Phys. Rev. A 68, 052307 (2003)).